Identifying and Safeguarding PII V4.0 (2024)
QUESTIONS WITH FULLY UPDATED
SOLUTIONS!!
Which of the following must Privacy Impact Assessments (PIAs) do?
- Analyze how an organization handles information to ensure it satisfies requirements
-mitigate privacy risks
-determine the risks of collecting, using, maintaining, and disseminating PII on electronic
information systems.
-all of the above correct answers All of the Above
True or False? An Individual whose PII has been stolen is susceptible to identity theft, fraud,
and other damage. correct answers True
What / Which guidance identifies federal information security controls?
-The Freedom of Information Act (FOIA)
-The Privacy Act of 1974
-OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
-DOD 5400.11-R: DOD Privacy Program correct answers OMB Memorandum M-17-12
Which of the following is NOT an example of PII?
-Driver's License Number
-Pet's nickname
-Social Security Number
-Fingerprints correct answers Pet's nickname
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
-These are all permitted disclosures
-The record is disclosed for a new purpose that is not specified in the SORN
-The record is disclosed for routine use.
-The individual has requested that their record be disclosed. correct answers The record is
disclosed for a new purpose that is not specified in the SORN
PIA is required when organization collects PII from: correct answers - Existing information
systems and electronic collections for which no PIA was prev completed.
-New information systems or electronic collections.
(before development or purchase and/or converting paper records to electronic systesm)
PIA is not required when the information system or electronic collection: correct answers -
does not collect, maintain, or disseminate PII
-is a national security system, including one that process classified info
- is solely paper-based
Within what timeframe must DOD organizations report PII breaches to the United States
Computer Emergency Readiness Team (US-CERT) once discovered?
-1 hour
-12 hours
-48 hours
QUESTIONS WITH FULLY UPDATED
SOLUTIONS!!
Which of the following must Privacy Impact Assessments (PIAs) do?
- Analyze how an organization handles information to ensure it satisfies requirements
-mitigate privacy risks
-determine the risks of collecting, using, maintaining, and disseminating PII on electronic
information systems.
-all of the above correct answers All of the Above
True or False? An Individual whose PII has been stolen is susceptible to identity theft, fraud,
and other damage. correct answers True
What / Which guidance identifies federal information security controls?
-The Freedom of Information Act (FOIA)
-The Privacy Act of 1974
-OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
-DOD 5400.11-R: DOD Privacy Program correct answers OMB Memorandum M-17-12
Which of the following is NOT an example of PII?
-Driver's License Number
-Pet's nickname
-Social Security Number
-Fingerprints correct answers Pet's nickname
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
-These are all permitted disclosures
-The record is disclosed for a new purpose that is not specified in the SORN
-The record is disclosed for routine use.
-The individual has requested that their record be disclosed. correct answers The record is
disclosed for a new purpose that is not specified in the SORN
PIA is required when organization collects PII from: correct answers - Existing information
systems and electronic collections for which no PIA was prev completed.
-New information systems or electronic collections.
(before development or purchase and/or converting paper records to electronic systesm)
PIA is not required when the information system or electronic collection: correct answers -
does not collect, maintain, or disseminate PII
-is a national security system, including one that process classified info
- is solely paper-based
Within what timeframe must DOD organizations report PII breaches to the United States
Computer Emergency Readiness Team (US-CERT) once discovered?
-1 hour
-12 hours
-48 hours
